<?php
require_once '../common.php';
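/**
 * Read one field from $_POST, returning '' when it is absent or not a
 * scalar, so a missing field yields an empty value instead of an
 * "undefined index" notice (or an array reaching the escaping helper).
 *
 * @param string $key  form field name
 * @return string
 */
function ajaxPostField($key)
{
    if (isset($_POST[$key]) && is_scalar($_POST[$key])) {
        return (string) $_POST[$key];
    }

    return '';
}

/**
 * Escape a value for an HTML text/attribute context. Existing entities are
 * left alone (double_encode = false) so values that were already encoded on
 * input by $db->convertAndStrip() are not encoded twice.
 *
 * @param mixed $value
 * @return string
 */
function ajaxHtml($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
}

/*
 * AJAX form handler. Dispatches on $_POST['form'] and echoes a short message
 * whose trailing "~tag" token (~success, ~error, ~username, ~oldpassword,
 * ~expire) tells the calling page which outcome occurred.
 *
 * Relies on common.php for $db (convertAndStrip/query/fetch/count/getLastInsert),
 * $categoryClass, $myAcc and an already-started session.
 *
 * NOTE(review): every query is still assembled as a string. Quoted string
 * values go through $db->convertAndStrip(), which is assumed to escape them
 * for the driver — confirm that, and prefer prepared statements if the
 * wrapper supports them. Values that appear UNQUOTED in SQL (member_id,
 * product_id) are cast with (int) below so raw request or session data can
 * never be spliced into those positions.
 */
if (isset($_POST['form'])) {

    $FormName = $_POST['form'];

    switch ($FormName) {
        case 'register':
            $firstName = $db->convertAndStrip(ajaxPostField('txtFirstName'));
            $lastName  = $db->convertAndStrip(ajaxPostField('txtLastName'));
            $gender    = $db->convertAndStrip(ajaxPostField('rdoGender'));

            $username = $db->convertAndStrip(ajaxPostField('txtUsername'));
            // The password is passed through convertAndStrip() before hashing;
            // the login case does the same, so the two must stay in step.
            $rawPassword = $db->convertAndStrip(ajaxPostField('txtPassword'));
            // NOTE(review): unsalted md5 is a weak password hash. Moving to
            // password_hash()/password_verify() needs a member_password column
            // wide enough for the new format plus a rehash-on-login step for
            // existing rows; left unchanged here so stored hashes keep working.
            $password = md5($rawPassword);
            $email    = $db->convertAndStrip(ajaxPostField('txtEmail'));
            $mobile   = $db->convertAndStrip(ajaxPostField('txtMobile'));
            $address  = $db->convertAndStrip(ajaxPostField('txtAddress'));
            $country  = $db->convertAndStrip(ajaxPostField('cboCountry'));
            $submitDate    = date('Y-m-d H:i:s');
            $member_status = '1';

            // Refuse blank credentials; otherwise an account with an empty
            // username and md5('') would be created.
            if ($username === '' || $rawPassword === '') {
                echo 'Username and Password are required. ~username';
                break;
            }

            $query = $db->query("SELECT COUNT(*) AS cnt FROM member WHERE member_username='$username'");
            $res   = $db->fetch($query);

            if ($res['cnt'] > 0) {
                echo 'Someone has registered with the same Username. Please choose different Username. ~username';
                break;
            }

            $result = $db->query("INSERT INTO `member`(
                    `member_username`,`member_password`,`member_firstname`,`member_lastname`,`member_gender`,`member_address`,`member_country`,
                    `member_mobile`,`member_email`,`member_submitdate`,`member_status`
                )VALUES(
                    '$username','$password','$firstName','$lastName','$gender','$address','$country',
                    '$mobile','$email','$submitDate','$member_status'
                )");

            if (!$result) {
                echo "error";
            } else {
                echo 'Thank you very much! Your account has been enabled. You may now Sign In on the web page. ~success';
            }
            break;

        case 'login':
            $username = $db->convertAndStrip(ajaxPostField('txtusername'));
            $password = md5($db->convertAndStrip(ajaxPostField('txtpassword')));

            $query  = $db->query("SELECT member_id, member_username FROM member WHERE member_username='$username' AND member_password='$password' AND member_status=1");
            $result = $db->fetch($query);
            $count  = $db->count($query);
            if ((int) $count === 1) {
                // Issue a fresh session id on privilege change so an id obtained
                // before login cannot be reused afterwards (session fixation).
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['member_id']       = (int) $result['member_id'];
                $_SESSION['auth']            = 1;
                $_SESSION['member_username'] = $username;
                echo "~success";
            } else {
                echo "Wrong Password! ~error";
            }
            break;

        case 'product_post':
            // Renders the sub-category <select> for the chosen category.
            $categoryClass->setComboQuery(ajaxPostField('cat_id'));
            echo $categoryClass->getComboBox("cboSubCategory", null, "-----Select SubCategory -------", 'Style="width: 510px;" id="cboSubCategory"');
            break;

        case 'product_post_insert':
            // Posting an ad requires a signed-in member; mirror the 'comment'
            // case instead of inserting a row with an empty member_id.
            if (empty($_SESSION['member_id'])) {
                echo '~expire';
                break;
            }
            $member_id   = (int) $_SESSION['member_id'];
            $title       = $db->convertAndStrip(ajaxPostField('txtadtitle'));
            $category    = $db->convertAndStrip(ajaxPostField('cboCategory'));
            $subcategory = $db->convertAndStrip(ajaxPostField('cboSubCategory'));
            $price       = $db->convertAndStrip(ajaxPostField('txtprice'));
            $desc        = $db->convertAndStrip(ajaxPostField('txtdesc'));
            $ad_type     = $db->convertAndStrip(ajaxPostField('rdoadtype'));

            $submitdate = date('Y-m-d');
            // Ads run for 30 days from the day they are posted.
            $expiredate = date('Y-m-d', strtotime('+30 days'));

            $result = $db->query("INSERT INTO `product` (
                        `member_id`,`category_id`, `subcategory_id`, `product_type`, `product_title`,
                        `product_price`, `product_submitdate`, `product_expiredate`, `product_description`
                    )VALUES(
                        '$member_id','$category','$subcategory','$ad_type','$title',
                        '$price','$submitdate','$expiredate','$desc'
                    )");
            if ($result) {
                // Only meaningful after a successful INSERT.
                $product_id = (int) $db->getLastInsert();
                echo 'upload_photo.php?i=' . $product_id . '~success';
            } else {
                echo '~error';
            }
            break;

        case 'update_profile':
            // $myAcc is the current member's row from common.php; without it
            // the UPDATE would have no valid WHERE target.
            if (empty($myAcc['member_id'])) {
                echo '~expire';
                break;
            }
            $member_id = (int) $myAcc['member_id'];

            $firstName = $db->convertAndStrip(ajaxPostField('txtFirstName'));
            $lastName  = $db->convertAndStrip(ajaxPostField('txtLastName'));
            $gender    = $db->convertAndStrip(ajaxPostField('rdoGender'));

            $email   = $db->convertAndStrip(ajaxPostField('txtEmail'));
            $mobile  = $db->convertAndStrip(ajaxPostField('txtMobile'));
            $address = $db->convertAndStrip(ajaxPostField('txtAddress'));
            $country = $db->convertAndStrip(ajaxPostField('cboCountry'));

            $result = $db->query("UPDATE `member` SET
                        `member_firstname`='$firstName',`member_lastname`='$lastName',`member_gender`='$gender',
                        `member_address`='$address',`member_country`='$country',
                        `member_mobile`='$mobile',`member_email`='$email' WHERE member_id=$member_id
                    ");

            if (!$result) {
                echo "~error";
            } else {
                echo "Your profile has been successfully updated.~success";
            }
            break;

        case 'profile_password':
            if (empty($myAcc['member_id'])) {
                echo '~expire';
                break;
            }
            $member_id   = (int) $myAcc['member_id'];
            $rawNew      = $db->convertAndStrip(ajaxPostField('txtnewPassword'));
            $oldPassword = md5($db->convertAndStrip(ajaxPostField('txtoldPassword')));
            $newPassword = md5($rawNew);

            if ($rawNew === '') {
                echo 'New Password is required.~error';
                break;
            }

            // The old password must match before anything is changed.
            $query = $db->query("SELECT COUNT(*) AS cnt FROM member WHERE member_id=$member_id AND member_password='$oldPassword'");
            $res   = $db->fetch($query);
            if ((int) $res['cnt'] === 0) {
                echo 'Wrong old Password.~oldpassword';
                break;
            }

            $result = $db->query("UPDATE `member` SET `member_password`='$newPassword' WHERE member_id=$member_id");

            if (!$result) {
                echo "error";
                break;
            }

            echo 'Password has been changed ~success';
            break;

        case 'comment':
            // Commenting requires a signed-in member.
            if (empty($_SESSION['member_id'])) {
                echo '~expire';
                break;
            }
            $member_id  = (int) $_SESSION['member_id'];
            $product_id = (int) ajaxPostField('product_id');
            $comment    = $db->convertAndStrip(ajaxPostField('txtcomment'));

            if (trim($comment) === '') {
                echo '~error';
                break;
            }

            $result = $db->query("INSERT INTO comment(comment_description, comment_date, product_id, member_id)VALUES('$comment',now(),'$product_id','$member_id')");
            if (!$result) {
                echo '~error';
                break;
            }

            // Re-render the full comment list for this product, newest first.
            $query    = $db->query("SELECT member.*, comment.* FROM comment INNER JOIN member ON member.member_id=comment.member_id WHERE comment.product_id=$product_id ORDER BY comment.comment_date DESC");
            $html_str = '<table width="100%">';
            while ($row = $db->fetch($query)) {
                // Escape on output: usernames and comment text are stored data
                // and must not be able to inject markup into the page.
                $html_str .= '<tr><td><b>' . ajaxHtml($row['member_username']) . '</b> <small>' . ajaxHtml($row['comment_date']) . '</small></td></tr>';
                $html_str .= '<tr><td>' . ajaxHtml($row['comment_description']) . '</td></tr>';
                $html_str .= '<tr><td style="border-bottom: 1px dotted #e0e0e0;"></td></tr>';
            }
            $html_str .= '</table>';
            echo $html_str . '~success';
            break;

    }
}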
